diff options
author | Mario Vavti <mario@mariovavti.com> | 2018-01-14 07:42:58 +0100 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2018-01-14 07:42:58 +0100 |
commit | 8970d30c936ac4ae600a6fd18c95b2cdffd1e20d (patch) | |
tree | f3222b200936a1c5a907f6e987bb45d26e9ecc95 | |
parent | ce10a44e722c9bbaceff64273641c3e08c6ad7a5 (diff) | |
parent | eb3e43feec4e2de439de5398fcf498c0de5afbd4 (diff) | |
download | volse-hubzilla-8970d30c936ac4ae600a6fd18c95b2cdffd1e20d.tar.gz volse-hubzilla-8970d30c936ac4ae600a6fd18c95b2cdffd1e20d.tar.bz2 volse-hubzilla-8970d30c936ac4ae600a6fd18c95b2cdffd1e20d.zip |
Merge remote-tracking branch 'mike/master' into dev
-rw-r--r-- | Zotlabs/Module/Owa.php | 7 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 2 | ||||
-rw-r--r-- | include/crypto.php | 4 |
3 files changed, 9 insertions, 4 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 9a39fe4c0..23ee14f39 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -38,14 +38,19 @@ class Owa extends \Zotlabs\Web\Controller { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { + logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); + logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); $ret['success'] = true; $token = random_string(32); - \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); + \Zotlabs\Zot\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); $result = ''; openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); $ret['encrypted_token'] = base64url_encode($result); break; } + else { + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']); + } } } } diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 9a8c23a9b..63033ce5e 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -117,7 +117,7 @@ class HTTPSig { logger('verified: ' . $x, LOGGER_DEBUG); - if($x === false) + if(! $x) return $result; if(! $spoofable) diff --git a/include/crypto.php b/include/crypto.php index 622add4dc..b990b18d9 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -22,13 +22,13 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { $alg = OPENSSL_ALGO_SHA256; $verify = @openssl_verify($data,$sig,$key,$alg); - if(! $verify) { + if($verify === (-1)) { while($msg = openssl_error_string()) logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR); btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); } - return $verify; + return (($verify > 0) ? true : false); } function pkcs5_pad ($text, $blocksize) |